Facebook exploits telephone numbers as shadow data for advertising
In 2018, experiments showed that despite the company's denials, ads could be targeted at specific Facebook users via information that the users had never given Facebook, such as phone numbers.
The reason: Facebook allows advertisers to upload their own lists of phone numbers of email addresses, and the service will use them to put ads in front of users associated with those details. The company also uses information supplied for security purposes, including phone numbers provided for two-factor authentication, and information collected from others' lists of contacts. One concern is that this will deter users from implementing two-factor authentication, a security risk in itself; instead, it's Facebook's data handling practices that need to change.
The information in these "shadow profiles" cannot be viewed by users themselves, but it contributes to the accuracy with which advertisers can hit their targets. Despite GDPR, Facebook has told European users seeking this information that it's part of "confidential" algorithms.
Writer: Kashmir Hill; Gennie Gebhardt
Publication: Gizmodo; EFF